HIPAA Blog

[ Wednesday, February 06, 2008 ]

Wisconsin health data law: according to this article, the governor of Wisconsin is pushing new legislation that will actually make it easier for people to share and disclose health information. That sounds contrarian: why are they eroding privacy, when everyone else is bolstering it? Actually, what they're trying to do is loosen up the exchange of health information in instances where it's supposed to be exchanged. I've said it a million times, medical record privacy is the enemy of healthcare. Fetishizing "privacy" means that information does not get exchanged in instances where it could be of great, perhaps life-saving, help.

Originally, the HIPAA Privacy Rule required a written patient consent for any disclosure of PHI by a covered entity, even disclosures in the ordinary course of providing care to the patient. When this proir consent requirement was removed, folks like Ted Kennedy and Hillary Clinton blew a gasket. But removing the consent requirement for disclosures in the ordinary course of healthcare business (i.e., treatment, payment, and healthcare operations) greatly improves care. With the consent requirement, your primary care doctor could refer you to a specialist and send your file to the specialist, but the specialist could not look at the file prior to your appointment (because at that point, although you would have consented to the primary care doctor looking at your file and sending it on, you would not have signed a consent allowing the specialist to look at it). Same with a pharmacy; unless you had previously gotten a prescription from that pharmacy, the pharmacist could not fill your prescription (he couldn't even look at the prescription) until you got there and signed a consent.

Of course, a close reading of the article makes it seem like there's less here than meets the eye. If the article is right, the new law only applies to information not otherwise covered by HIPAA. I don't see how that changes much.